Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure that the relay chain can accept authorize_upgrade from the AssetHub and/or Collectives governance systems. #7541

Open
3 tasks
bkontur opened this issue Feb 11, 2025 · 1 comment
Open
3 tasks

Ensure that the relay chain can accept authorize_upgrade from the AssetHub and/or Collectives governance systems. #7541

bkontur opened this issue Feb 11, 2025 · 1 comment

Comments

@bkontur
Copy link
Contributor

bkontur commented Feb 11, 2025

Relates to: #5588 (comment)

Description

As we move the governance system from the relay chain to AssetHub, we must ensure that we can still upgrade the relay chain after the AHM migration.

The actual relay chain upgrade is performed using authorize_upgrade, which requires root access. Therefore, we need to set up relay chain origin converters to process xcm::Transact(authorize_upgrade(new_code_hash)) from AssetHub. From the D-Day perspective, we should also allow Collectives.

E.g. for Kusama:
https://github.com/polkadot-fellows/runtimes/blob/main/relay/kusama/src/xcm_config.rs#L194

type OriginConverter = LocalOriginConverter;

https://github.com/polkadot-fellows/runtimes/blob/main/relay/kusama/src/xcm_config.rs#L94-L102

/// The means that we convert the XCM message origin location into a local dispatch origin.
type LocalOriginConverter = (
	// A `Signed` origin of the sovereign account that the original location controls.
	SovereignSignedViaLocation<SovereignAccountOf, RuntimeOrigin>,
	// A child parachain, natively expressed, has the `Parachain` origin.
	ChildParachainAsNative<parachains_origin::Origin, RuntimeOrigin>,
	// The AccountId32 location type can be expressed natively as a `Signed` origin.
	SignedAccountId32AsNative<ThisNetwork, RuntimeOrigin>,
+     // TODO: add here
+     AssetHubOrCollectivesAsSuperuser<...>,
);

TODO

  • add an e2e, integration, or emulated test to ensure that AssetHub can issue authorize_upgrade on the relay chain as root
  • setup for Westend/AssetHubWestend asap
  • create tracking issue for polkadot-fellows
@bkontur bkontur added this to AHM Feb 11, 2025
@bkontur bkontur converted this from a draft issue Feb 11, 2025
@bkontur
Copy link
Contributor Author

bkontur commented Feb 13, 2025 

 // TODO: add here
 AssetHubOrCollectivesAsSuperuser<...>,

We already have ChildSystemParachainAsSuperuser (not used anywhere) and similar SiblingSystemParachainAsSuperuser, but probably we want to be pretty specific here.

So I suggest we add filtering capabilities e.g.: AllowedParaIds: Contains<ParaId>;

pub struct ChildSystemParachainAsSuperuser<ParaId, AllowedParaIds, RuntimeOrigin>;
...
pub struct SiblingSystemParachainAsSuperuser<ParaId, AllowedParaIds, RuntimeOrigin>

so we add to the relaychains:

ChildSystemParachainAsSuperuser<
        ParaId,
        Equals<
            polkadot_runtime_constants::system_parachain::ASSET_HUB_ID,
            polkadot_runtime_constants::system_parachain::COLLECTIVES_ID,
        >,
        RuntimeOrigin
>,

Note: We can deprecated those and replace by generic SystemParachainAsSuperuser which could provide parents: 0/1, so we will have just one converter at all.

  • Question, is trusting to the location enough or we need to add some Plurality?

This was referenced Feb 13, 2025
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
AHM
Status: Ready
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bkontur